The recent OpenOffice worm may be a sign that malware writers are starting to target the increasingly popular open-source software, industry experts say.
First discovered last month, the OpenOffice macro-based worm is spread through a file called badbunny.odg. The worm, named SB/Badbunny-A, affects OpenOffice users on Windows, Linux and Mac platforms.
In an interview, Wilvin Chee, research director of IDC's Asia-Pacific software research group, noted that the OpenOffice worm could be an isolated incident, but it could also be a sign that malware writers are starting to capitalise on the rising popularity of open-source software.
"But we have to see how much of this malware is coming out into the open," Chee said.
Symantec said the prevalence of the Badbunny worm in the wild is "very low". The impact on businesses and consumers has so far been minimal, thanks to coding errors in the worm that limit its ability to spread, Symantec said. As of 12 June, the security vendor has not received any new reports of the threat from customers.
Ooi Szu-Khiam, senior security consultant at Symantec Singapore, said that the author of the Badbunny worm has clearly noted that OpenOffice has been downloaded over 80 million times, and saw in it the opportunity to create something that could work across many platforms.
VIDEO
Dialogue Box 7.4: The expanding digital universe
How much data will be created and stored in 50 years' time? Rupert and Charles make some extrapolations and come to a startling conclusion
"Malware creators are always on the lookout for new avenues to exploit in order to spread their worms and Trojans, and the home-user sector is a particularly attractive target," Ooi said.
According to Symantec's latest Internet Security Threat report, 98 percent of all targeted attacks in the Asia-Pacific region are aimed at consumers.
Ooi noted that open-source software in itself is not more vulnerable to attacks compared to proprietary software. He added that history has shown that the majority of security flaws are still found in closed-source and proprietary software from vendors such as Microsoft, Oracle and IBM.
Moreover, Ooi said, if open source is a key reason for security vulnerabilities, there should be more instances of vulnerabilities in open-source software, but this is currently not the case. "The popularity of a software and/or operating system is still the major factor in determining its attractiveness to malware creators," he noted.
Ooi said that malware creators, such as software developers, have always been looking at ways to write software once and run it on many platforms.
"If you can develop something that will work reliably across Windows, Linux and Mac, then you'll obviously get a lot more bang for your buck," he said. "Malware creators are also in pursuit of this goal."
Ooi added: "As long as there is a potential to profit, cause widespread disruption, or to be the first to create a malware, you will find malware creators pushing the envelope in those spaces".
"The constant evolution of threats has proven malware creators to be very creative in their endeavours," Ooi said.
Talkback
As long as there is a potential to profit, you will find "security" vendors pushing their products, even if it means causing unwarranted widespread panic or inventing a non-existent problem.
As all Open Source OS"s become more popular they are going to be targeted, but not with the same success rate as windoze. The nix's are still more secure than windoze and can be hardened more effective that the Redmond swiss cheese OS.
<p> My thoughts exactly. I'd like to add that no software or OS is invulnerable, but buying "add-ons" to secure a highly vulnerable OS is analogous to using snake oil.
</p>
<p> <a href="http://chanweiyee.blogspot.com/2007/05/unpatched-symantec-flaw-leads-to-u-of.html">http://chanweiyee.blogspot.com/2007/05/unpatched-symantec-flaw-leads-to-u-of.html </a>
</p>
<p>Strong security starts with the basics. Slapping on add-ons is not a good solution.
</p>